WordPress.org

Support

Support » How-To and Troubleshooting » [Resolved] WordPress Admin Protection

[Resolved] WordPress Admin Protection

Viewing 14 replies - 1 through 14 (of 14 total)
  • esmi

    @esmi

    Forum Moderator

    Are you using an admin protection plugin?

    The only plugins I have installed are Plugins

    I’m not seeing anything in there that would cause this problem. I’m kind of thinking it my be a mysql problem.

    Using htaccess to create passwd for your web folder, 🙂

    Regards,

    This is my .htaccess.

    <files wp-config.php>
    order allow,deny
    deny from all
    </files>
    
    # Block the include-only files.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    </IfModule>
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    What exactly should be changed?

    Still have not found an answer on this.

    Moderator Jan Dembowski

    @jdembowski

    Brute Squad and Volunteer Moderator

    What answer were you looking for and what protection?

    If you mean to block wp-admin and wp-includes then there is a real chance you’ll break something without intending to.

    There are ways to harden your WordPress installation.

    http://codex.wordpress.org/Hardening_WordPress

    As well as deal with (really irritating!) Brute Force attacks.

    http://codex.wordpress.org/Brute_Force_Attacks

    Or you can even consider a security plugin (I don’t use any of those myself).

    http://wordpress.org/plugins/search.php?q=security

    But again, what are you looking for when you say “WordPress Admin Protection”?

    I’m trying to remove this useless login that pops up whenever ANYONE tries to login or register. Before the log in
    It says
    “A username and password are being requested by http://www.atheist-gamer.com. The site says: “[ WordPress Admin Protection: Please enter username ‘admin’ and password ‘wplogin’ to load your WP login page ]””

    I’m trying to remove this, it doesn’t seem to be in the .htaccess or anything.

    I have no plugins activated besides the ones right here

    http://atheist-gamer.com/PLugins%20being%20used.PNG

    Moderator Jan Dembowski

    @jdembowski

    Brute Squad and Volunteer Moderator

    “A username and password are being requested by http://www.atheist-gamer.com. The site says: “[ WordPress Admin Protection: Please enter username ‘admin’ and password ‘wplogin’ to load your WP login page ]”

    That sounds like something your host has implemented as a way to get around brute force login attempts. It won’t stop a real person from entering that admin/password combination but would stop or slow down bots from hitting wp-login.php.

    Contact your host and ask them where that’s from. That doesn’t look like anything a WordPress plugin would do or leave behind.

    ok that’s kinda what I was thinking but didn’t want to go and bug them for something that was implemented automatically.

    I’m new to the whole CMS thing and WordPress in general.

    I’m mostly a design person and 5/4 of this is new, plus there is a billion lines of stuff to go through to find what you’re looking for when it comes to researching these problems.

    also wplogin is a pretty common phrase to search for…

    Moderator Jan Dembowski

    @jdembowski

    Brute Squad and Volunteer Moderator

    Well… if you can see hidden files on your web server the look for any .htaccess files in wp-admin, wp-includes`, etc. as a just in case.

    But there really shouldn’t be any other .htaccess and posting the ID and password like that would make for an awful security feature… 😉

    I’m pretty sure it’s your host. Hopefully you’ll get someone who can confirm that.

    Yea I was thinking the same thing, I can’t find any mention of it anywhere. I emailed em, they’re usually pretty prompt.

    Thanks again for the help.

    I think I resolved it myself… I installed that all-in-one security thing, Changed the login/register page.

    And now it’s not popping up from what I can tell.
    Atheist Gamer

    Thanks again for all the help, I think it may have been the actual Login/register php file. which still doesn’t make sense to me

    I guess if the script they are using is targeting the default login/register page and you change the filename it no longer targets it, so… yea Resolved? I guess.

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘[Resolved] WordPress Admin Protection’ is closed to new replies.
Skip to toolbar